Nataraj (Raj) Nagaratnam, Ph.D., IBM Distinguished Engineer, IBM Master Inventor and CTO for Security Solutions, discussed new security trends, cloud and mobile’s impact on security with theCUBE co-hosts John Furrier and Dave Vellante, live from IBM Pulse 2014.

Commenting on the cloud trend, Nagaratnam said “security remains a top concern. Cloud is actually an opportunity for enhanced security,” but it’s going to be a long journey.

The security conversation was initially held for the web and how to secure it, the answer being defining and protecting a perimeter. With the cloud, “you’re accessing stuff from mobile devices that you no longer trust, you are moving workloads to cloud,” users are consuming services, noted Nagaratnam. “The perimeter disappears,” thus you need to worry about security at application level.

Security, a Big Data problem

 .

“When you think of these security threats across enterprise, cloud, mobile, security is a Big Data problem,” Nagaratnam said. It is a multi-dimensional problem. To solve it,”our strategy is grounded on security intelligence,” security analytics. which is not just about monitoring, it’s finding the incident that’s risky and decide what action you take.”

To further handle fraud threats, IBM has recently acquired Trusteer, he added.

“The first thing customers are asking about is ‘Can you give me intelligence?’ It’s not like you’re going to protect everything. It’s about how to stay ahead  of the threat,” Nagaratnam went on. According to him, while most of the money is still spent on keeping intruders out, “there’s definitely a change in the landscape. It’s not hackers doing it for curiosity.” It’s more about espionage and monetary gain.

Finding the golden nuggets that need to be secured

 .

“We need to start thinking like an attacker, be on the offensive,” Nagaratnam claimed. IBM employs a research arm that looks at malicious activity, tapping into the second largest database in the world on what to trust and what not to trust.

“We back our capabilities with security research, looking at the threat that is evolving,” he said. “That provides you the basis to figure out what to do. Then you have to figure what they are going after, the gold nuggets we need to protect. We work with customers to figure out their data, having a view of what is important to them, because you are not going to protect everything.”

IBM works with customers on what is defined as a “security maturity model. Where are you, what are the risks, what are the key crown jewels to protect, and what do you do in terms of visibility.” When talking to CSOs, “they don’t know where they are,” Nagaratnam said, “that is where they go into discovery mode. A lot of people get into the conversation asking for help discovering where they are in terms of security maturity.”

Three levels of mobile security

 .

“When it comes to mobile,” Nagaratnam explained that “it’s a span of control across corporate controlled devices all the way to BYOD. In that spectrum, we think about managing the device and the content, securing the application, and securing the transaction.”

Asked how IBM managed to accommodate the diversity of customer needs and keep it simple, Nagaratnam said that at “IBM, we have a big focus on design for the last couple of years. We are not thinking in terms of who’s the users, what they need to accomplish. It’s not only user interface and virtualization, but a whole experience.”